This lesson opens with the reasons for software insecurity, which can be attributed to the following:

• Lack of training
• Lack of funding
• No prioritization of security
• Security as an afterthought

There are a number of vulnerability databases that are great resources for addressing the issue of software insecurity. They include:

• Open Web Application Security Project Top 10 (OWASP)
• Common Vulnerabilities and Exposures (CVE)
• Common Weakness Enumeration (CWE)
• National Vulnerability Database (NVD)
• Computer Emergency Response Team Vulnerability Database (US CERT)

This lesson specifically focuses on OWASP 1 through 5. OWASP is an international organization with the goal of raising awareness and stressing the need for security in web-based applications. The top 5 are:

• Injection
• Broken authentication and session management
• Cross-site scripting (XSS)
• Insecure direct object references
• Security misconfiguration